Red Hat CERTIFICATE SYSTEM 8 Install Manual page 76

Chapter 4. Additional Installation Options
1. Copy the third-party libraries to a common directory, like /usr/lib for 32-bit systems or /usr/
lib64 for 64-bit systems.
There are two library files for the Certicom ECC modules, libsbcpgse.so and libsbgse2.so.
2. Cache the recent shared libraries.
ldconfig
3. Install the CA, but do not go through the configuration wizard.
4. Stop the CA.
service pki-ca stop
5. The CA runs as the pkiuser user. As root, create a home directory for pkiuser.
/usr/sbin/usermod --home /usr/share/pki/pkiuser pkiuser
cd /usr/share/pki
mkdir pkiuser
HOME=/usr/share/pki/pkiuser
export HOME
6. Open the subsystem's alias directory. For example:
cd /var/lib/pki-ca/alias
7. Install the third-party module in the CA's security databases so it is available for the configuration.
modutil -dbdir . -nocertdb -add certicom -libfile /usr/lib/libsbcpgse.so
This creates a .certicom directory in the new pkiuser home directory.
8. Certicom's ECC module includes an initpin file; copy this into the new pkiuser directory and give
it execute permissions. For example:
cp /tmp/initpin /usr/share/pki/pkiuser
chmod +x initpin
9. Run Certicom's initpin file from the /usr/share/pki/pkiuser directory. This first prompts
for the directory to use for the Certicom token databases; use the pkiuser home directory, /
usr/share/pki/pkiuser. This also prompts to set a password for the module, and then
proceed with configuring the module.
/usr/share/pki/pkiuser/initpin
Please enter the directory where the token databases exist or will
be created: /usr/share/pki/pkiuser
Enter PIN:
Confirm PIN:
Security Builder API for PKCS #11 Samples
66